Students faced off against experienced hackers at the Mid-Atlantic Regional Collegiate Cyber Defense Competition. The students' goal: lock down unfamiliar systems and secure their networks. The hackers' goal: to own the students' networks and steal important data. Seth Fogie witnessed this real-world competition and reports on its unexpected twists, turns, and even drama.

Like this article? We recommend

Like this article? We recommend

Imagine if you just graduated with an IS degree and landed a job at a small
business as their only IT staffer. You know your way around an
operating system and understand some of the protocols and programs that keep
data flowing, but for the most part your skills are untested in the real world.
Regardless, you are the only thing separating the company's users and data
from downtime. Sound like a tough situation? Oh, I forgot to mention there are
four of the best hackers in the world trying to get into your digital domain and
steal anything of value, including a database of 10,000 credit card numbers.
This isn't something seasoned administrators would want to face, much less
fresh graduates.

Well, this is exactly what several groups of college students faced recently
at the Regional Collegiate Cyber Defense Competition, which was held at several
locations around the US. I was able to attend this three day event, and this is
my story. Get ready for some fun, shocks, and dohs! as you follow along with me,
the Red Team, and the students.

Collegiate Cyber Defense Competition

Before we get into the actual details of the event, it is important to
highlight the reason behind the competition. As per their website at
http://utsa.edu/cias/CCDC,
"Unlike traditional 'hack and defend' or 'capture the
flag' contests, this competition tests each team’s ability to
operate, secure, manage, and maintain a corporate network. This competition is
the first to create, as closely as possible, a realistic corporate
administration and security experience — giving the competitors a chance
to compare their education and training against their peers and the real world
challenges that await them."

In other words, the competition is about creating a practical experience from
the classroom knowledge. Students simply take what they have learned and apply
it in a simulated environment for educational purposes. However, the competition
aspect helps schools know where they stand in relation to other schools that are
teaching related content. It is important to note that the program is funded
'in part' by the National Science Foundation (Award ID 0501828
http://www.nsf.gov/awardsearch/showAward.do?AwardNumber=0501828)
and has paid out a little over $1,000,000 so far to create "problem-based
and case-based learning methodologies in order to provide students with
activities that simulate real-life work experiences <with a focus on
security>." I suggest you check out the above link to see the details
of this award.

The contests are first held regionally, and the winner of each regional
exercise competes against each other at the national finals in San Antonio,
Texas. I attended the Mid-Atlantic Regional Collegiate Cyber Defense
Competition, which was hosted in Lancaster, PA by White Wolf Security. The five
schools where from the PA/VA/MD area and were a mix of two/four year degrees
that range from networking to programming. The participating schools were:

Anne Arundel Community College

Community College of Baltimore County

George Mason University

Millersville University

Towson University

White Wolf Security

The host and operator of the event (White Wolf Security) operates a training
facility that serves as a working-training environment for hands on computer
lab-based education. Everyone, from local colleges to the US Secret Service, use
White Wolf's equipment as a hands-on lab for training events and other
related activities. The owner, Tim Rosenberg, is well known in
educational/government circles for both his lab (which is mobile) and for his
training events.